VirSCAN

File information
Safety rating:70
Behavior list
Basic Information
MD5:b32eb45455a1870afac2abf9d64c82b6
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:PE+(64)
Subfile information:WinRAR.exe / 0c1a44e990880b7cbd0c6a081cecf8f9 / EXE
Rar.exe / 4f908870ba92f370f3011f505b0fd6c0 / EXE
RarExt.dll / 3ec593ff01fa4846cd0d27a0d6c61f7f / DLL
UnRAR.exe / 27c00c0e3b7f855bcf2124209adf8b1e / EXE
RarExt32.dll / e3438a61d11253aff1698942777c19e2 / DLL
WinRAR.chm / 1e7a61e1ef2e8fa4f05f61b872487175 / Chm
Default64.SFX / c41a76597242e2e8265a012ee6e7dc01 / EXE
WinCon64.SFX / 211f4b437842e3956a3bc4c600d2e607 / EXE
WinCon.SFX / 06a70a222e6b5be74af976f3e8ce375b / EXE
Default.SFX / 6e45ecf99de7c1c9db437f2e9901c590 / EXE
Zip64.SFX / 96a15606d4ed133ae0fe20c078b131e6 / EXE
Uninstall.exe / d42a69194e1ff797c99ca018711d9d65 / EXE
Zip.SFX / 9e18ef259387e4d5b74ec147f3e2ce44 / EXE
7zxa.dll / cb1d8115e62dc1e44d00e4cbffe41aaf / DLL
Rar.txt / 58853e27ccde64f9d7f342936c463658 / Unknown
Ace32Loader.exe / 814685e2de40ef820e1921451242ab6f / EXE
UNACEV2.DLL / de02c4d04088b69e64ecc30a3d9e22e5 / DLL
WhatsNew.txt / bb1a87154db45c9240b9270ff60308a8 / Unknown
License.txt / 672064cf19db0b083b981cf0be7662b0 / Unknown
Process behavior
Behavior description:Create local thread
details:ProcessId = 3728, ThreadId = 3476.
ProcessId = 3728, ThreadId = 2040.
ProcessId = 3728, ThreadId = 3944.
ProcessId = 3728, ThreadId = 2004.
ProcessId = 3728, ThreadId = 2016.
ProcessId = 3728, ThreadId = 3360.
ProcessId = 3728, ThreadId = 768.
ProcessId = 3728, ThreadId = 1292.
ProcessId = 3728, ThreadId = 3460.
ProcessId = 3728, ThreadId = 3292.
ProcessId = 3728, ThreadId = 3528.
ProcessId = 3728, ThreadId = 3044.
ProcessId = 3728, ThreadId = 428.
ProcessId = 3728, ThreadId = 3032.
ProcessId = 3728, ThreadId = 3800.
File behavior
Behavior description:Find file
details:FileName = C:\WINDOWS\FONTS\EUDC.TTE
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\WinRAR SFX\C%%Program Files%WinRAR
Other behavior
Behavior description:Detect whether it is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:Local\SessionImmersiveColorMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SmartScreen_AppRepSettings_Mutex
SmartScreen_ClientId_Mutex
CommunicationManager_Mutex
!IECompat!Mutex
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [If you agree to the END USER LICENSE AGREEMENT (EULA), please click [Install]. If you do not agree, please click [Cancel].,Static]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:Find specified window
details:FindWindowExW: [Class,Window] = [EDIT,]
FindWindowW: [Class,Window] = [ApplicationManager_DesktopShellWindow,]
FindWindowW: [Class,Window] = [MS_AutodialMonitor,]
FindWindowW: [Class,Window] = [MS_WebCheckMonitor,]
FindWindowExW: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Open event
details:\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.3728
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\TabletHardwarePresent
Behavior description:Window information
details:Pid = 3728, Hwnd=0x402d4, Text = TITLE_BMP, ClassName = Static.
Pid = 3728, Hwnd=0xe0062, Text = Copyright © 1993-2013, ClassName = Static.
Pid = 3728, Hwnd=0xb004a, Text = by Alexander Roshal, ClassName = Static.
Pid = 3728, Hwnd=0xd024c, Text = &Destination folder, ClassName = Static.
Pid = 3728, Hwnd=0x90220, Text = C:\Program Files\WinRAR, ClassName = ComboBox.
Pid = 3728, Hwnd=0x80226, Text = C:\Program Files\WinRAR, ClassName = Edit.
Pid = 3728, Hwnd=0x80222, Text = Bro&wse..., ClassName = Button.
Pid = 3728, Hwnd=0x4040c, Text = If you agree to the END USER LICENSE AGREEMENT (EULA), please click [Install]. If you do not agree, please click [Cancel]., ClassName = Static.
Pid = 3728, Hwnd=0x50418, Text = Install, ClassName = Button.
Pid = 3728, Hwnd=0x80372, Text = Cancel, ClassName = Button.
Pid = 3728, Hwnd=0x50374, Text = WinRAR 5.50 By www.downg.com, ClassName = #32770.
Pid = 3728, Hwnd=0x1c0266, Text = 确定, ClassName = Button.
Pid = 3728, Hwnd=0xc02ee, Text = "" folder is not accessible, ClassName = Static.
Pid = 3728, Hwnd=0xd02e6, Text = Error, ClassName = #32770.
Pid = 3728, Hwnd=0xf0282, Text = Extracting files to folder , ClassName = RichEdit20W.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
Behavior description:Open mutex
details:Local\ShimViewer
DefaultTabtip-MainUI
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
Global\Windows.Machine.OOBE